Publications

Under European data protection law, consent of the data subject is one of the six grounds for lawful processing of personal data. It is such an important ground that lawmakers considered it necessary to provide a legal definition of consent. One of the conditions under this definition is that it needs to be “freely given.” The General Data Protection Regulation (GDPR) 3 has further expanded on this concept in Article 7(4). It refers to a situation under which consent might not be considered “freely given.” If consent is invalid because it is not freely given, the processing is usually unlawful. Consequently, a legal basis for processing is missing. Therefore, this is an important provision. Yet the wording of this new provision is vague and its scope is unclear. Thus, the question arises as to how Article 7(4) should be applied. In this paper, the authors tease out the assessment criteria for the application of this provision on the basis of its text, structure and history. These criteria will then be applied to hypothetical cases in the final section.